Sandbox the OUT_DIR environment variable
Currently, OUT_DIR is inherited from the parent process, leading to
scripts being able to find the output directory when the enviornment
variable is set to an absolute path. When sandboxing a command,
also rewrite the OUT_DIR environment variable to the sandboxed one,
so that scripts can't find the real out dir.
Bug: 307824623
Test: Presubmits
Change-Id: I325071121a60bddc4105df680fbdfe3d11dc94e2
diff --git a/android/rule_builder.go b/android/rule_builder.go
index 464aca4..95e2b92 100644
--- a/android/rule_builder.go
+++ b/android/rule_builder.go
@@ -580,6 +580,16 @@
})
}
+ // Set OUT_DIR to the relative path of the sandboxed out directory.
+ // Otherwise, OUT_DIR will be inherited from the rest of the build,
+ // which will allow scripts to escape the sandbox if OUT_DIR is an
+ // absolute path.
+ command.Env = append(command.Env, &sbox_proto.EnvironmentVariable{
+ Name: proto.String("OUT_DIR"),
+ State: &sbox_proto.EnvironmentVariable_Value{
+ Value: sboxOutSubDir,
+ },
+ })
command.Chdir = proto.Bool(true)
}
diff --git a/cmd/sbox/sbox.go b/cmd/sbox/sbox.go
index e69a930..6459ea1 100644
--- a/cmd/sbox/sbox.go
+++ b/cmd/sbox/sbox.go
@@ -27,6 +27,7 @@
"os"
"os/exec"
"path/filepath"
+ "regexp"
"strconv"
"strings"
"time"
@@ -51,6 +52,8 @@
sandboxDirPlaceholder = "__SBOX_SANDBOX_DIR__"
)
+var envVarNameRegex = regexp.MustCompile("^[a-zA-Z0-9_-]+$")
+
func init() {
flag.StringVar(&sandboxesRoot, "sandbox-path", "",
"root of temp directory to put the sandbox into")
@@ -238,6 +241,48 @@
return &manifest, nil
}
+func createEnv(command *sbox_proto.Command) ([]string, error) {
+ env := []string{}
+ if command.DontInheritEnv == nil || !*command.DontInheritEnv {
+ env = os.Environ()
+ }
+ for _, envVar := range command.Env {
+ if envVar.Name == nil || !envVarNameRegex.MatchString(*envVar.Name) {
+ name := "nil"
+ if envVar.Name != nil {
+ name = *envVar.Name
+ }
+ return nil, fmt.Errorf("Invalid environment variable name: %q", name)
+ }
+ if envVar.State == nil {
+ return nil, fmt.Errorf("Must set state")
+ }
+ switch state := envVar.State.(type) {
+ case *sbox_proto.EnvironmentVariable_Value:
+ env = append(env, *envVar.Name+"="+state.Value)
+ case *sbox_proto.EnvironmentVariable_Unset:
+ if !state.Unset {
+ return nil, fmt.Errorf("Can't have unset set to false")
+ }
+ prefix := *envVar.Name + "="
+ for i := 0; i < len(env); i++ {
+ if strings.HasPrefix(env[i], prefix) {
+ env = append(env[:i], env[i+1:]...)
+ i--
+ }
+ }
+ case *sbox_proto.EnvironmentVariable_Inherit:
+ if !state.Inherit {
+ return nil, fmt.Errorf("Can't have inherit set to false")
+ }
+ env = append(env, *envVar.Name+"="+os.Getenv(*envVar.Name))
+ default:
+ return nil, fmt.Errorf("Unhandled state type")
+ }
+ }
+ return env, nil
+}
+
// runCommand runs a single command from a manifest. If the command references the
// __SBOX_DEPFILE__ placeholder it returns the name of the depfile that was used.
func runCommand(command *sbox_proto.Command, tempDir string, commandIndex int) (depFile string, err error) {
@@ -313,6 +358,12 @@
return "", fmt.Errorf("Failed to update PATH: %w", err)
}
}
+
+ cmd.Env, err = createEnv(command)
+ if err != nil {
+ return "", err
+ }
+
err = cmd.Run()
if err != nil {
diff --git a/cmd/sbox/sbox_proto/sbox.pb.go b/cmd/sbox/sbox_proto/sbox.pb.go
index 7c84f2c..271039c 100644
--- a/cmd/sbox/sbox_proto/sbox.pb.go
+++ b/cmd/sbox/sbox_proto/sbox.pb.go
@@ -14,8 +14,8 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.26.0
-// protoc v3.9.1
+// protoc-gen-go v1.33.0
+// protoc v3.21.12
// source: sbox.proto
package sbox_proto
@@ -116,6 +116,13 @@
// A list of files that will be copied before the sandboxed command, and whose contents should be
// copied as if they were listed in copy_before.
RspFiles []*RspFile `protobuf:"bytes,6,rep,name=rsp_files,json=rspFiles" json:"rsp_files,omitempty"`
+ // The environment variables that will be set or unset while running the command.
+ // Also see dont_inherit_env.
+ Env []*EnvironmentVariable `protobuf:"bytes,7,rep,name=env" json:"env,omitempty"`
+ // By default, all environment variables are inherited from the calling process, but may be
+ // replaced or unset by env. If dont_inherit_env is set, no environment variables will be
+ // inherited, and instead only the variables in env will be defined.
+ DontInheritEnv *bool `protobuf:"varint,8,opt,name=dont_inherit_env,json=dontInheritEnv" json:"dont_inherit_env,omitempty"`
}
func (x *Command) Reset() {
@@ -192,6 +199,129 @@
return nil
}
+func (x *Command) GetEnv() []*EnvironmentVariable {
+ if x != nil {
+ return x.Env
+ }
+ return nil
+}
+
+func (x *Command) GetDontInheritEnv() bool {
+ if x != nil && x.DontInheritEnv != nil {
+ return *x.DontInheritEnv
+ }
+ return false
+}
+
+type EnvironmentVariable struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // The name of the environment variable
+ Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"`
+ // Types that are assignable to State:
+ //
+ // *EnvironmentVariable_Value
+ // *EnvironmentVariable_Unset
+ // *EnvironmentVariable_Inherit
+ State isEnvironmentVariable_State `protobuf_oneof:"state"`
+}
+
+func (x *EnvironmentVariable) Reset() {
+ *x = EnvironmentVariable{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_sbox_proto_msgTypes[2]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *EnvironmentVariable) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EnvironmentVariable) ProtoMessage() {}
+
+func (x *EnvironmentVariable) ProtoReflect() protoreflect.Message {
+ mi := &file_sbox_proto_msgTypes[2]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use EnvironmentVariable.ProtoReflect.Descriptor instead.
+func (*EnvironmentVariable) Descriptor() ([]byte, []int) {
+ return file_sbox_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *EnvironmentVariable) GetName() string {
+ if x != nil && x.Name != nil {
+ return *x.Name
+ }
+ return ""
+}
+
+func (m *EnvironmentVariable) GetState() isEnvironmentVariable_State {
+ if m != nil {
+ return m.State
+ }
+ return nil
+}
+
+func (x *EnvironmentVariable) GetValue() string {
+ if x, ok := x.GetState().(*EnvironmentVariable_Value); ok {
+ return x.Value
+ }
+ return ""
+}
+
+func (x *EnvironmentVariable) GetUnset() bool {
+ if x, ok := x.GetState().(*EnvironmentVariable_Unset); ok {
+ return x.Unset
+ }
+ return false
+}
+
+func (x *EnvironmentVariable) GetInherit() bool {
+ if x, ok := x.GetState().(*EnvironmentVariable_Inherit); ok {
+ return x.Inherit
+ }
+ return false
+}
+
+type isEnvironmentVariable_State interface {
+ isEnvironmentVariable_State()
+}
+
+type EnvironmentVariable_Value struct {
+ // The value to set the environment variable to.
+ Value string `protobuf:"bytes,2,opt,name=value,oneof"`
+}
+
+type EnvironmentVariable_Unset struct {
+ // This environment variable should be unset in the command.
+ Unset bool `protobuf:"varint,3,opt,name=unset,oneof"`
+}
+
+type EnvironmentVariable_Inherit struct {
+ // This environment variable should be inherited from the parent process.
+ // Can be combined with dont_inherit_env to only inherit certain environment
+ // variables.
+ Inherit bool `protobuf:"varint,4,opt,name=inherit,oneof"`
+}
+
+func (*EnvironmentVariable_Value) isEnvironmentVariable_State() {}
+
+func (*EnvironmentVariable_Unset) isEnvironmentVariable_State() {}
+
+func (*EnvironmentVariable_Inherit) isEnvironmentVariable_State() {}
+
// Copy describes a from-to pair of files to copy. The paths may be relative, the root that they
// are relative to is specific to the context the Copy is used in and will be different for
// from and to.
@@ -209,7 +339,7 @@
func (x *Copy) Reset() {
*x = Copy{}
if protoimpl.UnsafeEnabled {
- mi := &file_sbox_proto_msgTypes[2]
+ mi := &file_sbox_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -222,7 +352,7 @@
func (*Copy) ProtoMessage() {}
func (x *Copy) ProtoReflect() protoreflect.Message {
- mi := &file_sbox_proto_msgTypes[2]
+ mi := &file_sbox_proto_msgTypes[3]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -235,7 +365,7 @@
// Deprecated: Use Copy.ProtoReflect.Descriptor instead.
func (*Copy) Descriptor() ([]byte, []int) {
- return file_sbox_proto_rawDescGZIP(), []int{2}
+ return file_sbox_proto_rawDescGZIP(), []int{3}
}
func (x *Copy) GetFrom() string {
@@ -274,7 +404,7 @@
func (x *RspFile) Reset() {
*x = RspFile{}
if protoimpl.UnsafeEnabled {
- mi := &file_sbox_proto_msgTypes[3]
+ mi := &file_sbox_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -287,7 +417,7 @@
func (*RspFile) ProtoMessage() {}
func (x *RspFile) ProtoReflect() protoreflect.Message {
- mi := &file_sbox_proto_msgTypes[3]
+ mi := &file_sbox_proto_msgTypes[4]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -300,7 +430,7 @@
// Deprecated: Use RspFile.ProtoReflect.Descriptor instead.
func (*RspFile) Descriptor() ([]byte, []int) {
- return file_sbox_proto_rawDescGZIP(), []int{3}
+ return file_sbox_proto_rawDescGZIP(), []int{4}
}
func (x *RspFile) GetFile() string {
@@ -330,7 +460,7 @@
func (x *PathMapping) Reset() {
*x = PathMapping{}
if protoimpl.UnsafeEnabled {
- mi := &file_sbox_proto_msgTypes[4]
+ mi := &file_sbox_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -343,7 +473,7 @@
func (*PathMapping) ProtoMessage() {}
func (x *PathMapping) ProtoReflect() protoreflect.Message {
- mi := &file_sbox_proto_msgTypes[4]
+ mi := &file_sbox_proto_msgTypes[5]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -356,7 +486,7 @@
// Deprecated: Use PathMapping.ProtoReflect.Descriptor instead.
func (*PathMapping) Descriptor() ([]byte, []int) {
- return file_sbox_proto_rawDescGZIP(), []int{4}
+ return file_sbox_proto_rawDescGZIP(), []int{5}
}
func (x *PathMapping) GetFrom() string {
@@ -383,7 +513,7 @@
0x08, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6f, 0x75, 0x74,
0x70, 0x75, 0x74, 0x5f, 0x64, 0x65, 0x70, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
0x09, 0x52, 0x0d, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x44, 0x65, 0x70, 0x66, 0x69, 0x6c, 0x65,
- 0x22, 0xdc, 0x01, 0x0a, 0x07, 0x43, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x12, 0x2b, 0x0a, 0x0b,
+ 0x22, 0xb3, 0x02, 0x0a, 0x07, 0x43, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x12, 0x2b, 0x0a, 0x0b,
0x63, 0x6f, 0x70, 0x79, 0x5f, 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28,
0x0b, 0x32, 0x0a, 0x2e, 0x73, 0x62, 0x6f, 0x78, 0x2e, 0x43, 0x6f, 0x70, 0x79, 0x52, 0x0a, 0x63,
0x6f, 0x70, 0x79, 0x42, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x68, 0x64,
@@ -396,23 +526,37 @@
0x73, 0x68, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x48,
0x61, 0x73, 0x68, 0x12, 0x2a, 0x0a, 0x09, 0x72, 0x73, 0x70, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73,
0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x73, 0x62, 0x6f, 0x78, 0x2e, 0x52, 0x73,
- 0x70, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x72, 0x73, 0x70, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x22,
- 0x4a, 0x0a, 0x04, 0x43, 0x6f, 0x70, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18,
- 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x0e, 0x0a, 0x02, 0x74,
- 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x12, 0x1e, 0x0a, 0x0a, 0x65,
- 0x78, 0x65, 0x63, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52,
- 0x0a, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x22, 0x55, 0x0a, 0x07, 0x52,
- 0x73, 0x70, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x01,
- 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x36, 0x0a, 0x0d, 0x70, 0x61,
- 0x74, 0x68, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
- 0x0b, 0x32, 0x11, 0x2e, 0x73, 0x62, 0x6f, 0x78, 0x2e, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x70,
- 0x70, 0x69, 0x6e, 0x67, 0x52, 0x0c, 0x70, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e,
- 0x67, 0x73, 0x22, 0x31, 0x0a, 0x0b, 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e,
- 0x67, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52,
- 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x0e, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28,
- 0x09, 0x52, 0x02, 0x74, 0x6f, 0x42, 0x23, 0x5a, 0x21, 0x61, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64,
- 0x2f, 0x73, 0x6f, 0x6f, 0x6e, 0x67, 0x2f, 0x63, 0x6d, 0x64, 0x2f, 0x73, 0x62, 0x6f, 0x78, 0x2f,
- 0x73, 0x62, 0x6f, 0x78, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+ 0x70, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x72, 0x73, 0x70, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12,
+ 0x2b, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x73,
+ 0x62, 0x6f, 0x78, 0x2e, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56,
+ 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x28, 0x0a, 0x10,
+ 0x64, 0x6f, 0x6e, 0x74, 0x5f, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x5f, 0x65, 0x6e, 0x76,
+ 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x6f, 0x6e, 0x74, 0x49, 0x6e, 0x68, 0x65,
+ 0x72, 0x69, 0x74, 0x45, 0x6e, 0x76, 0x22, 0x7e, 0x0a, 0x13, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f,
+ 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x12, 0x0a,
+ 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+ 0x65, 0x12, 0x16, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
+ 0x48, 0x00, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x16, 0x0a, 0x05, 0x75, 0x6e, 0x73,
+ 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x05, 0x75, 0x6e, 0x73, 0x65,
+ 0x74, 0x12, 0x1a, 0x0a, 0x07, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x18, 0x04, 0x20, 0x01,
+ 0x28, 0x08, 0x48, 0x00, 0x52, 0x07, 0x69, 0x6e, 0x68, 0x65, 0x72, 0x69, 0x74, 0x42, 0x07, 0x0a,
+ 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x4a, 0x0a, 0x04, 0x43, 0x6f, 0x70, 0x79, 0x12, 0x12,
+ 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72,
+ 0x6f, 0x6d, 0x12, 0x0e, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x02,
+ 0x74, 0x6f, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65,
+ 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x61, 0x62,
+ 0x6c, 0x65, 0x22, 0x55, 0x0a, 0x07, 0x52, 0x73, 0x70, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x12, 0x0a,
+ 0x04, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x66, 0x69, 0x6c,
+ 0x65, 0x12, 0x36, 0x0a, 0x0d, 0x70, 0x61, 0x74, 0x68, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e,
+ 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x73, 0x62, 0x6f, 0x78, 0x2e,
+ 0x50, 0x61, 0x74, 0x68, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x0c, 0x70, 0x61, 0x74,
+ 0x68, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x31, 0x0a, 0x0b, 0x50, 0x61, 0x74,
+ 0x68, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d,
+ 0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x0e, 0x0a, 0x02,
+ 0x74, 0x6f, 0x18, 0x02, 0x20, 0x02, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x42, 0x23, 0x5a, 0x21,
+ 0x61, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x2f, 0x73, 0x6f, 0x6f, 0x6e, 0x67, 0x2f, 0x63, 0x6d,
+ 0x64, 0x2f, 0x73, 0x62, 0x6f, 0x78, 0x2f, 0x73, 0x62, 0x6f, 0x78, 0x5f, 0x70, 0x72, 0x6f, 0x74,
+ 0x6f,
}
var (
@@ -427,25 +571,27 @@
return file_sbox_proto_rawDescData
}
-var file_sbox_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_sbox_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
var file_sbox_proto_goTypes = []interface{}{
- (*Manifest)(nil), // 0: sbox.Manifest
- (*Command)(nil), // 1: sbox.Command
- (*Copy)(nil), // 2: sbox.Copy
- (*RspFile)(nil), // 3: sbox.RspFile
- (*PathMapping)(nil), // 4: sbox.PathMapping
+ (*Manifest)(nil), // 0: sbox.Manifest
+ (*Command)(nil), // 1: sbox.Command
+ (*EnvironmentVariable)(nil), // 2: sbox.EnvironmentVariable
+ (*Copy)(nil), // 3: sbox.Copy
+ (*RspFile)(nil), // 4: sbox.RspFile
+ (*PathMapping)(nil), // 5: sbox.PathMapping
}
var file_sbox_proto_depIdxs = []int32{
1, // 0: sbox.Manifest.commands:type_name -> sbox.Command
- 2, // 1: sbox.Command.copy_before:type_name -> sbox.Copy
- 2, // 2: sbox.Command.copy_after:type_name -> sbox.Copy
- 3, // 3: sbox.Command.rsp_files:type_name -> sbox.RspFile
- 4, // 4: sbox.RspFile.path_mappings:type_name -> sbox.PathMapping
- 5, // [5:5] is the sub-list for method output_type
- 5, // [5:5] is the sub-list for method input_type
- 5, // [5:5] is the sub-list for extension type_name
- 5, // [5:5] is the sub-list for extension extendee
- 0, // [0:5] is the sub-list for field type_name
+ 3, // 1: sbox.Command.copy_before:type_name -> sbox.Copy
+ 3, // 2: sbox.Command.copy_after:type_name -> sbox.Copy
+ 4, // 3: sbox.Command.rsp_files:type_name -> sbox.RspFile
+ 2, // 4: sbox.Command.env:type_name -> sbox.EnvironmentVariable
+ 5, // 5: sbox.RspFile.path_mappings:type_name -> sbox.PathMapping
+ 6, // [6:6] is the sub-list for method output_type
+ 6, // [6:6] is the sub-list for method input_type
+ 6, // [6:6] is the sub-list for extension type_name
+ 6, // [6:6] is the sub-list for extension extendee
+ 0, // [0:6] is the sub-list for field type_name
}
func init() { file_sbox_proto_init() }
@@ -479,7 +625,7 @@
}
}
file_sbox_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*Copy); i {
+ switch v := v.(*EnvironmentVariable); i {
case 0:
return &v.state
case 1:
@@ -491,7 +637,7 @@
}
}
file_sbox_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*RspFile); i {
+ switch v := v.(*Copy); i {
case 0:
return &v.state
case 1:
@@ -503,6 +649,18 @@
}
}
file_sbox_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*RspFile); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_sbox_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*PathMapping); i {
case 0:
return &v.state
@@ -515,13 +673,18 @@
}
}
}
+ file_sbox_proto_msgTypes[2].OneofWrappers = []interface{}{
+ (*EnvironmentVariable_Value)(nil),
+ (*EnvironmentVariable_Unset)(nil),
+ (*EnvironmentVariable_Inherit)(nil),
+ }
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_sbox_proto_rawDesc,
NumEnums: 0,
- NumMessages: 5,
+ NumMessages: 6,
NumExtensions: 0,
NumServices: 0,
},
diff --git a/cmd/sbox/sbox_proto/sbox.proto b/cmd/sbox/sbox_proto/sbox.proto
index 2f0dcf0..1158554 100644
--- a/cmd/sbox/sbox_proto/sbox.proto
+++ b/cmd/sbox/sbox_proto/sbox.proto
@@ -51,6 +51,30 @@
// A list of files that will be copied before the sandboxed command, and whose contents should be
// copied as if they were listed in copy_before.
repeated RspFile rsp_files = 6;
+
+ // The environment variables that will be set or unset while running the command.
+ // Also see dont_inherit_env.
+ repeated EnvironmentVariable env = 7;
+
+ // By default, all environment variables are inherited from the calling process, but may be
+ // replaced or unset by env. If dont_inherit_env is set, no environment variables will be
+ // inherited, and instead only the variables in env will be defined.
+ optional bool dont_inherit_env = 8;
+}
+
+message EnvironmentVariable {
+ // The name of the environment variable
+ required string name = 1;
+ oneof state {
+ // The value to set the environment variable to.
+ string value = 2;
+ // This environment variable should be unset in the command.
+ bool unset = 3;
+ // This environment variable should be inherited from the parent process.
+ // Can be combined with dont_inherit_env to only inherit certain environment
+ // variables.
+ bool inherit = 4;
+ }
}
// Copy describes a from-to pair of files to copy. The paths may be relative, the root that they